QualysGuard assigns a vulnerability category and a severity level for each vulnerability detected. Vulnerability categories are Vulnerability, Potential Threat, Informational, or Service. A severity level indicates the security risk posed by exploitation of the vulnerability and its degree of difficulty. The results of successful exploitation of a vulnerability can vary from disclosure of information about the host to a complete compromise of the host.

QualysGuard's vulnerability classification provides three categories of vulnerability information that help customers prioritize scan results: Vulnerabilities, Possible Threats, and Information Gathered.

VULNERABILITY CATEGORIES

Vulnerabilities
A Vulnerability is a design flaw or misconfiguration which makes your network (or a host on your network) susceptible to malicious attacks from local or remote users. Vulnerabilities can exist in several areas of your network, such as in your firewalls, FTP servers, Web servers, operating systems or CGI bins. Depending on the level of the security risk, the successful exploitation of a vulnerability can vary from the disclosure of information about the host to a complete compromise of the host. The severity levels for vulnerabilities are represented as Levels 1-5.

Potential Vulnerabilities
Potential Vulnerabilities include all vulnerabilities that we cannot confirm exist. The only way to verify the existence of these vulnerabilities would be to perform an intrusive scan on your network, which could result in a denial of service. This is strictly against our policy. Instead, we urge you to investigate potential vulnerabilities further.

Information Gathered and Services
Information Gathered includes visible information about the network related to the host, such as traceroute information, Internet Service Provider (ISP), or a list of reachable hosts. Information Gathered severity levels also include Network Mapping data, such as detected firewalls, SMTP banners, or a list of open TCP services.